email-delivery
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Data Exfiltration (HIGH): The skill provides a mechanism to send sensitive tax analysis reports (PDF/Excel) to external email addresses provided as user input. There are no restrictions on recipient domains or validation of the 'To' field, enabling an attacker to exfiltrate sensitive financial data to an unauthorized external inbox.
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the context via fields like {Entity Name}, {Obligation}, and user-provided email addresses in SKILL.md templates.
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded instructions within these fields.
  - Capability inventory: The skill has a 'Write' capability through the SendGrid API (POST https://api.sendgrid.com/v3/mail/send), allowing it to communicate with external entities.
  - Sanitization: No automated sanitization or escaping of external content is defined; the skill relies solely on 'Best Practices' text, which provides no technical enforcement.
- Credentials Unsafe (LOW): The skill requires the SENDGRID_API_KEY environment variable. While typical for API integrations, it represents a high-value target for theft if the agent's environment is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata